Date: Tue, 23 Jul 2002 23:50:03 -0400 (EDT)
From: "Michael Sharp" <freebsd@ec.rr.com>
To: <freebsd-security@FreeBSD.org>
Subject: SSDP?
Message-ID: <1067.192.168.1.1.1027482603.squirrel@webmail.probsd.ws>

I was doing a security audit last night and running ethereal. Immediately after starting it, I was seeing SSDP from MY router (192.168.1.1) to the IP address 239.255.255.250 (ep.net). Since I'm not sure what SSDP is besides that it is Simple Services Discovery Protocol, I did:

    /sbin/route -nq add -host 239.255.255.250 127.0.0.1 -blackhole
    ipfw add 98 deny all from 239.255.255.250 to me in via xl0
    ipfw add 99 deny all from me to 239.255.255.250 out via xl0

in hopes that it would stop the packets, but it didn't, and the activity continued on ethereal.

Could someone please shed some light on why I might be sending SSDP to this particular IP address every 10 seconds? I can supply ethereal logs if needed.

michael
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1067.192.168.1.1.1027482603.squirrel>
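
An added example, not part of the original message: a simplified first-match model of the two posted ipfw rules, evaluated against the packet the post describes (source 192.168.1.1, destination 239.255.255.250, arriving on the host's interface). The host address 192.168.1.10, the rule number 97 and the model itself are assumptions made for illustration; the model covers only source, destination and direction.

```python
import ipaddress
from dataclasses import dataclass

SSDP_GROUP = ipaddress.ip_address("239.255.255.250")  # destination seen in the capture
ROUTER = ipaddress.ip_address("192.168.1.1")          # source seen in the capture
HOST = ipaddress.ip_address("192.168.1.10")           # constructed: the post gives no host address
HOST_ADDRS = {HOST}                                   # what the keyword "me" stands for in this model

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    direction: str  # "in" or "out", relative to the host's interface

@dataclass(frozen=True)
class Rule:
    number: int
    src: str        # "any", "me" or a literal address
    dst: str
    direction: str  # "in" or "out"

def addr_matches(spec, addr):
    """Compare one address field of a rule with one packet address."""
    if spec == "any":
        return True
    if spec == "me":
        return addr in HOST_ADDRS
    return ipaddress.ip_address(spec) == addr

def first_match(rules, pkt):
    """Return the number of the first rule matching pkt, or None."""
    for rule in sorted(rules, key=lambda r: r.number):
        if (rule.direction == pkt.direction
                and addr_matches(rule.src, pkt.src)
                and addr_matches(rule.dst, pkt.dst)):
            return rule.number
    return None

# The two rules from the message, reduced to the fields the model covers.
POSTED_RULES = [
    Rule(98, "239.255.255.250", "me", "in"),
    Rule(99, "me", "239.255.255.250", "out"),
]
# The traffic described: router -> multicast group, inbound on the host.
OBSERVED = Packet(ROUTER, SSDP_GROUP, "in")
# Hypothetical rule keyed on the destination group instead of the source.
DEST_RULE = Rule(97, "any", "239.255.255.250", "in")

if __name__ == "__main__":
    print("posted rules match:", first_match(POSTED_RULES, OBSERVED))
    print("with destination rule:", first_match(POSTED_RULES + [DEST_RULE], OBSERVED))
```

In this model neither posted rule matches the router's packets, because the group address is their destination rather than their source and the host is not the sender. A packet sniffer also reads inbound frames from the interface before ipfw evaluates them, so even a matching deny rule would not remove them from the capture.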